Page Comparison

\uD83D\uDCCA Success metrics

⚔️ Mission Critical Decisions

---

\uD83E\uDD14 Assumptions

---

🔗 Limitations

• Lists do not exist in nextgen Nextgen at this time.

---

🖇️ Dependencies

---

\uD83C\uDF1F Milestones & Timeline

Note
Milestones need to be scoped out in coordination with the engineers as of 12/20/24.

#	Milestone	Objective	Key Deliverables
1	API Endpoints	Develop key API endpoints to support the first focus of the Preference-Driven AI System.	Fully functional API endpoints: Glossary Endpoint Vendors/Organization Endpoint Assets Endpoint Configurable Items Endpoint Configuration Settings Endpoint Configuration Methods Endpoint Comprehensive API documentation for seamless integration. Moving data from Legacy system into NextGen for the above endpoints.

---

🎲 Use Cases

• OEM Software Supported Coverage

Use Case	NextGen
As a GRC professional, I would like to see the Framework References I have Common Control support for, and the mandates extracted from them.	Exists ADs Endpoint Citations Endpoint- for single AD Mandates Endpoint- for single AD Common Controls Endpoint -for single AD Does not Exist UI Citations Endpoint for multiple ADs Mandates Endpoing for Multiple ADs Common Controls Endpoint for multiple ADs
As a GRC professional, I would like to select a set of Frameworks and compare the Common Control coverage - for both licensed and nonlicensed Frameworks.	Does not Exist UI Common Control to ADs Endpoint Possible Metadata only for ADs?
As a GRC professional, I would like to see how the Common Controls are mapped back to the Frameworks I am licensed to.	Does not Exist Common Controls to Tagged Mandates Endpoint Common Controls to Citations Endpoint
As a GRC professional, I would like to see a list of Control Implementations for the Common Common controls I am licensed to use.	Info This may be possible through the control hierarchy of Common Controls Endpoint Does not Exist Common Controls Implementations Endpoint (Children Controls of the Matched Common Control)

---

\uD83D\uDDD2 Functional Requirements

#	User Story & Title	Description	Notes
	AD Frameworks to Common Controls User Interface	Build an interface for users to view a list of Common Controls for all licensed Authority Documents. Considerations Ability to hide ADs and their controls from list (no save view at this time) Ability to highlight controls for specific ADs
	Common Controls to Assets User Interface	Build an interface for users to view all Assests associated with the Common Controls for all their licensed Authority Documents.
	Common Controls to Config Information User Interface	Build an interface for users to view all Configuration information for each Assets associated with the Common Controls for all their licensed Authority Documents.
	AD Frameworks to Common Controls Common Controls to unlicensed ADs interface (Compare)	Build an interface for users to view all the Unlicensed, publicly searchable, ADs overlapping with the Common Controls for all their licensed Authority Documents. Considerations Filters for unlicensed ADs (Geography, Subject Matter, Originator) Note May want to not show the exact common controls they unlicensed ADs map too.

---

📕 Non-Functional Requirements

#	User Story & Title	Description	Notes
	Implement, test, and monitor performance standards
	Support serving content via HTTP/3
	Security headers are included in every HTTP response
	Compress all HTTP responses.
	Included etags, caching, and cache busting for all HTTP API endpoint responses, webpages, and webpage assets.

---

🔖 API Requirements

#	User Story & Title	Description	Notes
	Glossary Endpoint
	Vendors/Organization Endpoint	Retrieves vendor-related information for assets.
	Assets Endpoint	Retrieves asset information.
	Configurable Items Endpoint	Retrieves of configuration items relevant to assets.
	Configuration Settings Endpoint	Retrieves configuration settings tied to assets and configurable Items.
	Configuration Methods Endpoint	Retrieves methods tied to configurable assets items.
	Common Control to licensed ADs Endpoint
	Common Control to AD Catalog Endpoint
	Common Controls to Tagged Mandates Endpoint
	Common Controls to Citations Endpoint
	Common Controls Implementations Endpoint
	Citations Endpoint for multiple ADs
	Mandates Endpoint for Multiple ADs
	Common Controls Endpoint for multiple ADs
	Bulk Mandate Endpoint
	Bulk Common Control Endpoint
	Bulk Citations Endpoint

---

Flows

---

🖥️ User Interface

Mockup

initialResourceID 2278E287-509B-183B-1098-2EC38DDDB7D8 platformArchiveID att2736717825 Alignment Center downloadLink /download/attachments/2726199297/balsamiq_2278E287-509B-183B-1098-2EC38DDDB7D8_Master.png jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI1NTcwNTg6ZWZjNTQ5ODAtMzI3Mi00ZGQ5LWI1ZTQtODFiNmQ5ZDFlZWJjIiwicXNoIjoiNGQ5NTFmYmNhNjM1OTJkNzc1NGZjMjgyN2JkMmFjYjk5YjBhNTZiY2JlMzBhYzNjNTNlZThjM2YwMGJiOTI5MiIsImlzcyI6IkNvbmZsdWVuY2U6MDA0MDUxNTM5OCIsImNvbnRleHQiOnt9LCJleHAiOjE3MzYyMDUzMDEsImlhdCI6MTczNjIwNTEyMX0.nXJc4KwsBZsZ76W_mgnRMVg3e0pvFYVee0Ft7_yaxZ0 resourceName Width 600 initialBranchID Master

---

🏁 User Workflows

---

🗺️ Architecture

---

🚚 Deliverables

---

 Open Questions

Date, Question	Answer	Date Answered, by whom

---

 Risks and Mitigations

Risks	Mitigations

---

🛑 Out of Scope

---

🚧 Change Log

This section includes changes made to PRD after approval.

Date [Date of Change]	Change Description [Brief Overview of the Change]	LOE [Estimation in Hours/Days]	Impact [Impact on overall project timeline or resources]	Approver/ Decision Maker